Should this technology be used? Is it a secure solution? Look at statistics and global overview (see British ex in article) for the use of ePassports. Look at types of ePassports Use of RFID, or proposed use...link with USA and the need for secure immigration/tourism Issue: Cloning a passport is not secure...technology is unreliable as it is not doing the job?
The electronic Passport is the same as a regular passport with the addition of a small contactless integrated circuit (computer chip) embedded in the back cover. The chip will securely store the same data visually displayed on the photo page of the passport, and will additionally include a digital photograph. The inclusion of the digital photograph will enable biometric comparison, through the use of facial recognition technology at international borders. A great advantage is that the passports without chips will still be valid for the full extent of their validity period. All countries under the Visa Waiver Program will issue the new passport setting the international standard. Malaysia was the first country in the world to issue biometric passports in March 1998, after a local company, IRIS Corporation, developed the technology [2]. A lot of changes are happening to passports for the years to come, including photo standards, e-appasports, biometrics, etc. Over 80% of the eligible population [3] has a passport and its important that the general public are aware of the biometric technology and how it will change the face of their passport and what advantages they can bring in safeguarding our identities.
Biometrics passports are being introduced all over the world to:
help fight passport fraud and forgery;
facilitate more robust border controls and it time, automated immigration checks;
meet international standards set by the International Civil Aviation Organisation (ICAO);
However, since a lot of countries are starting to use these new passports, they have come out too quickly and are not as secure as they should be, which means that they are easy to clone.It is widely accepted in the industry that most computer chips can be cloned, just like a passport could be photocopied. The most important question is whether the ability to clone a chip similar to that incorporated in the passport actually poses a threat to the security of the passport, it would not be possible to successfully forge a passport by doing this.
Criterion B: The IT Background of the Issue
RFID: What is this? advantages? disadvantages? Hardware needed? Pc/chip Software needed? what is RFDUmp? What data is stored on the chip? cloned ePassport behaves the same as real ePassport = problem, but why??? describe IT System What other systems are there for passports or immigration etc?
RFID - Radio Frequency identification (ID). Refers to the technology that uses devices attached to objects that transmit data to an RFID receiver. An alternative to bar coding. Advantages include data capacity, read/write capability, and no line-of-sight requirements.
RFDump is a software developed by Lukas Grunwald and Christian Bottger. It is used to download an e-passport's data to a computer and then to a blank chip, hence cloning the e-passport within five minutes.
The chip in the new biometric e-Passport is part of a suite of new security features to help fight passport fraud and forgery. It is protected through three layers of security:
A digital signature to show the encoded data is genuine and which country has issued the passport.
A protection against unauthorised readings ("skimming") through Basic Access Control, a secure access protocol.
The data will be locked down using a Public Key Infrastructure (PKI), which provides protection against encoded data being changed. PKI is a digital encryption technology, which enables validation of the data as being genuine.
The new passport have a contactless chip. Although the chip will not reside in the first passports issued, the intention is that all passports should contain a micro chip with various information. Adding the chip to a passport is somewhat similar to adding a chip to a payment card, e.g. Visa or MasterCard. This means added complexity in issuing passports but eventually the speed and increased level of security should well outweigh the hurdles of implementing the new secured system.
Criterion C: The Impact of the Issue
Who are the stakeholders (gov, individual)? Are issues raised in Section A addressed here? Social impacts? Ethical impacts? Advantages and disadvantages? FIDIS? what is this? is it useful? You musit identify ONE MAIN PROBLEM eg access controp of the passport is compromised with the proposed ePassport system
The use of ePassports serves the purpose of helping immigration to know if you are really you because the chip in the passport has your fingerprints, your photos and all your details so the immigration can actually check it it is really you. It is also meant to be a lot faster as it is a machine read able passport. This can really develop into something really big and good for all countries but it is being released in such a hurry that there are many flaws that they should fix before releasing it.
There are many problems with this new passport, firstly the radio frequency from the passport can easily be read from a electronic reader from a few meters away so someone can easily steal information from peoples' passports. This gives all the infotmation on the chips surface such as name, address, birth date and other personal details. However, with a few other softwares you can actually go into more details into the passprot which is quite unsecure. They will be storing information such as visa waivers, places you go and have went to in the past and much more, which can easily fall into the wrong hands. Once this information is taken with in five minutes a clone of the passport can be made and it is impossible to tell the difference from the real one, this is made through the use of RFDump which is a software that takes information from an RFID chip and puts it into another one. This step taken to make life harder for terrorists can actually make it easier for them, because with these passports terrorists can actually make bombs that go off when someone from a certain nationality comes near. This is actually possible because of the RFID chips.
FIDIS (Future of Identity in the Information Society) is a large European Union-sponsored project targeting various aspects of digital identity and privacy. The partners of this project are people who work at universities and companies and they are working in areas related to digital identity. Their areas of interest include new forms of ID cards, usage of identifiers in information systems, technologies used for citizen's identification and profiling. FIDIS can help to make ePassports more secure since these passports aren’t so secure and can be cloned in such a way that no difference is distinguished. The ePassport was created with poor technology and with poor standard but that remained oblivious to the makers of the passport and thus they forgot its flaws the main being the RFID chips. [5]
However FIDIS is useful since it deals with digital identity so it can help block the signal of these RFID chips and make it impossible for unauthorized users to gain access to personal information in these ePassports.
Criterion D: A Solution to a Problem Arising from the Issue
There are many small solutions to the promlem of RFID chips. However, the best solution to our impact is to get rid of RFID chips all together because they are so easy to track, even if they put a metal tin foil on the top of it. It is just much easier to have the swipe cards that they had a year or 2 back, They only way other people can read those information is if they have acces to the passport and goverenment database. So the swipe passports are much less vulnerable from the theft of passport data and it is also secure because it can hold data such as fingerprints and retina scan if the governments wanted to do something like that.
The solution to this problem could take some time, a fingerprint or eye retina identifier could be an alternative. A normal ID card could be used by the immigrants. It is a different issue with citizens of countries like Bangladesh where we require visa to travel, European or American citizens don’t require visa’s to travel to most of the countries so they would only read an identifier but other require visas and old style stamping method in the immigration office.
Another solution to this would be to use magnetic stripes like they do in hotels. This would ensure that no one else can take the data unless its swiped on the reader
[2] "ePassport ." Education Foundation Community . 1 Dec. 2005. 4 Feb. 2007 http://www.epassport.com/
[3] Home Office. "Biometric Passports." Home Office- Indentity and Passport Service.
2006. Home Office. 4 Feb. 2007 http://www.ukpa.gov.uk/
general_biometrics.asp
Portfolio Example Class Essay
Table of Contents
Title:
ePassport - Keep them outside the borders or help them inside it?Area of Impact: Government and Politics
Citation of article
Reid, David. "ePassports 'at risk' from cloning." BBC News. 15 Dec. 2006. BBC. 2Feb. 2007 <http://news.bbc.co.uk/2/hi/programmes/click_online/
6182207.stm>
Word Count
So far: 1510Authors:
Salmaan Beg, Shakila Sattar, Sabbab, Salma Sarwar, Atif Sattar, Omar Chowdhury, Cannelle CuvelierSymbol for biometric passports
Criterion A: Presentation of the Issue
Should this technology be used? Is it a secure solution?
Look at statistics and global overview (see British ex in article) for the use of ePassports.
Look at types of ePassports
Use of RFID, or proposed use...link with USA and the need for secure immigration/tourism
Issue: Cloning a passport is not secure...technology is unreliable as it is not doing the job?
The electronic Passport is the same as a regular passport with the addition of a small contactless integrated circuit (computer chip) embedded in the back cover. The chip will securely store the same data visually displayed on the photo page of the passport, and will additionally include a digital photograph. The inclusion of the digital photograph will enable biometric comparison, through the use of facial recognition technology at international borders. A great advantage is that the passports without chips will still be valid for the full extent of their validity period. All countries under the Visa Waiver Program will issue the new passport setting the international standard. Malaysia was the first country in the world to issue biometric passports in March 1998, after a local company, IRIS Corporation, developed the technology [2]. A lot of changes are happening to passports for the years to come, including photo standards, e-appasports, biometrics, etc. Over 80% of the eligible population [3] has a passport and its important that the general public are aware of the biometric technology and how it will change the face of their passport and what advantages they can bring in safeguarding our identities.
Biometrics passports are being introduced all over the world to:
However, since a lot of countries are starting to use these new passports, they have come out too quickly and are not as secure as they should be, which means that they are easy to clone.It is widely accepted in the industry that most computer chips can be cloned, just like a passport could be photocopied. The most important question is whether the ability to clone a chip similar to that incorporated in the passport actually poses a threat to the security of the passport, it would not be possible to successfully forge a passport by doing this.
Criterion B: The IT Background of the Issue
RFID: What is this? advantages? disadvantages?
Hardware needed? Pc/chip
Software needed? what is RFDUmp? What data is stored on the chip?
cloned ePassport behaves the same as real ePassport = problem, but why??? describe IT System
What other systems are there for passports or immigration etc?
RFID - Radio Frequency identification (ID). Refers to the technology that uses devices attached to objects that transmit data to an RFID receiver. An alternative to bar coding. Advantages include data capacity, read/write capability, and no line-of-sight requirements.
RFDump is a software developed by Lukas Grunwald and Christian Bottger. It is used to download an e-passport's data to a computer and then to a blank chip, hence cloning the e-passport within five minutes.
The chip in the new biometric e-Passport is part of a suite of new security features to help fight passport fraud and forgery. It is protected through three layers of security:
The new passport have a contactless chip. Although the chip will not reside in the first passports issued, the intention is that all passports should contain a micro chip with various information. Adding the chip to a passport is somewhat similar to adding a chip to a payment card, e.g. Visa or MasterCard. This means added complexity in issuing passports but eventually the speed and increased level of security should well outweigh the hurdles of implementing the new secured system.
Criterion C: The Impact of the Issue
Who are the stakeholders (gov, individual)?
Are issues raised in Section A addressed here?
Social impacts?
Ethical impacts?
Advantages and disadvantages?
FIDIS? what is this? is it useful?
You musit identify ONE MAIN PROBLEM eg access controp of the passport is compromised with the proposed ePassport system
The use of ePassports serves the purpose of helping immigration to know if you are really you because the chip in the passport has your fingerprints, your photos and all your details so the immigration can actually check it it is really you. It is also meant to be a lot faster as it is a machine read able passport. This can really develop into something really big and good for all countries but it is being released in such a hurry that there are many flaws that they should fix before releasing it.
There are many problems with this new passport, firstly the radio frequency from the passport can easily be read from a electronic reader from a few meters away so someone can easily steal information from peoples' passports. This gives all the infotmation on the chips surface such as name, address, birth date and other personal details. However, with a few other softwares you can actually go into more details into the passprot which is quite unsecure. They will be storing information such as visa waivers, places you go and have went to in the past and much more, which can easily fall into the wrong hands. Once this information is taken with in five minutes a clone of the passport can be made and it is impossible to tell the difference from the real one, this is made through the use of RFDump which is a software that takes information from an RFID chip and puts it into another one. This step taken to make life harder for terrorists can actually make it easier for them, because with these passports terrorists can actually make bombs that go off when someone from a certain nationality comes near. This is actually possible because of the RFID chips.
FIDIS (Future of Identity in the Information Society) is a large European Union-sponsored project targeting various aspects of digital identity and privacy. The partners of this project are people who work at universities and companies and they are working in areas related to digital identity. Their areas of interest include new forms of ID cards, usage of identifiers in information systems, technologies used for citizen's identification and profiling. FIDIS can help to make ePassports more secure since these passports aren’t so secure and can be cloned in such a way that no difference is distinguished. The ePassport was created with poor technology and with poor standard but that remained oblivious to the makers of the passport and thus they forgot its flaws the main being the RFID chips. [5]
However FIDIS is useful since it deals with digital identity so it can help block the signal of these RFID chips and make it impossible for unauthorized users to gain access to personal information in these ePassports.
Criterion D: A Solution to a Problem Arising from the Issue
There are many small solutions to the promlem of RFID chips. However, the best solution to our impact is to get rid of RFID chips all together because they are so easy to track, even if they put a metal tin foil on the top of it. It is just much easier to have the swipe cards that they had a year or 2 back, They only way other people can read those information is if they have acces to the passport and goverenment database. So the swipe passports are much less vulnerable from the theft of passport data and it is also secure because it can hold data such as fingerprints and retina scan if the governments wanted to do something like that.
The solution to this problem could take some time, a fingerprint or eye retina identifier could be an alternative. A normal ID card could be used by the immigrants. It is a different issue with citizens of countries like Bangladesh where we require visa to travel, European or American citizens don’t require visa’s to travel to most of the countries so they would only read an identifier but other require visas and old style stamping method in the immigration office.
Another solution to this would be to use magnetic stripes like they do in hotels. This would ensure that no one else can take the data unless its swiped on the reader
Criterion E: Selection and Use of Sources
[1] Wikipedia. "Biometric Passports." Wikipedia. 8 Feb. 2007. Wikipedia. 3 Feb. 2007
<http://en.wikipedia.org/wiki/Biometric_passport>.
[2] "ePassport ." Education Foundation Community . 1 Dec. 2005. 4 Feb. 2007
http://www.epassport.com/
[3] Home Office. "Biometric Passports." Home Office- Indentity and Passport Service.
2006. Home Office. 4 Feb. 2007 http://www.ukpa.gov.uk/
general_biometrics.asp
[4] Star Support. Glossary of Internet and Computer terms. 2007. 7 Feb. 2007
<http://www.5starsupport.com/glossary/r.htm>.
[5] FIDIS. FIDIS. 2007. 7 Feb. 2007 <http://www.fidis.net/>
Impact of Issue and problem to solution resources
[6] “Feds Rethinking RFID Passport.” Wired News . 26 Apr. 2005. 11 Feb. 2007 <http://www.wired.com/news/privacy/0,1848,67333,00.html>.
[7] Fogie, Seth. “Wireless Security .” Security Focus . 30 Oct. 2005. 13 Feb. 2007 <http://www.securityfocus.com/archive/137/415442/30/660/threaded>.
[8] Gross, Grant. “United States to Require RFID Chips in Passports.” PC World . 26 Oct. 2005. 13 Feb. 2007 <http://www.pcworld.com/article/id,123246-page,1/article.html>.
[9] Larkin, Erik. “Electronic Passports May Make Traveling Americans Targets, Critics Say.” PC World . 11 Apr. 2005. 11 Feb. 2007 <http://www.pcworld.com/article/id,120292-page,1/article.html>.
[10] “RFID Passports: Not Dead Yet.” RFID Kills . 13 Dec. 2006. 11 Feb. 2007 <http://www.rfidkills.com/>.
[11] “RFID tags become hacker target.” Cnet News.com. 11 Feb. 2007 <http://news.com.com/RFID+tags+become+hacker+target/2100-1029_3-5287912.html>.
[12] “Security and Privacy of the e-Passport.” U.S Department of State . 11 Feb. 2007 <http://travel.state.gov/passport/eppt/eppt_2502.html>.
[13] Zetter, Kim. “Hackers Clone E-Passports.” Wired News . 3 Aug. 2006. 11 Feb. 2007 <http://www.wired.com/news/technology/0,71521-0.html>.